Nigh-Indestructible Cookie

Slashdot links to the efforts of a security researcher proving out a contention Ed Felten offered early on in discussions of tracking technologies. If you use legislation or technology to obliterate one form of tracking without addressing the core behavior and economics that drive it, advertisers will just route around the obstacle.

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

There are ways to defend against the various technologies used. At the proof of concept site, you can test your deletion techniques interactively. There are also more techniques for making the evercookie more insidious that have not yet been implemented.

This shows that a determined advertiser could make the cost of avoiding tracking increasingly high, to the point where more folks are likely to get snared. This doesn’t even take into account the work by the EFF on browser finger printing for which there is no effective defense though some browser makers are seriously considering how to change that.

Introducing the Invulnerable Evercookie, Slashdot

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>